I'm using [this][1] library to generate SSL certificates. My storage generates 4 files: certificate.pem, private_key.pem, chain.pem, and fullchain.pem.
I want to install this certificate in acquia cloud using their Rest API post endpoint to install ssl certificate. The payload looks like the following:
{
"legacy": 0,
"certificate": "pasted the content inside our certificate.pem",
"private_key": "pasted the content inside private_key.pem",
"ca_certificates": "pasted the content inside the fullchain.pem",
"label": "My New Cert"
}
When I send a request, I received an error to contact they api owner support, and searching around through the server log I came across this:
Error response: 500 (Internal Server Error). Error message: Site certificate CA chain certificates are out of order..
What exactly does this error mean by saying out of order?
Related
I have been learning with WebSocket++ and built some of the server examples (Windows 10 Visual Studio 2019). The non-TLS examples work without issues, however, the TLS-enabled examples (echo_server_both.cpp and echo_server_tls.cpp) can't do the handshake. I am very new to web development in general so I know I must be doing something wrong with regards to the certificate and keys.
I am testing the servers with WebSocket King client, an extension of Google Chrome that connects correctly to other websocket servers like wss://echo.websocket.org and to my own localhost when I don't use TLS.
The echo_server_both example comes with a server.pem file, and the echo_server_tls example comes with server.pem and dh.pem. I have used the same files that come with the samples, and I have also tried generating and registering my own .pem files using openSSL. In both cases I get this when the client tries to connect:
[2021-06-29 20:51:21] [error] handle_transport_init received error: sslv3 alert certificate unknown
[2021-06-29 20:51:21] [fail] WebSocket Connection [::1]:63346 - "" - 0 asio.ssl:336151574 sslv3 alert certificate unknown
[2021-06-29 20:51:21] [info] asio async_shutdown error: asio.ssl:336462231 (shutdown while in init)
I discovered these errors after I edited handle_init() in tls.hpp, following a suggestion in another site, to look like this:
void handle_init(init_handler callback,lib::asio::error_code const & ec) {
if (ec) {
//m_ec = socket::make_error_code(socket::error::tls_handshake_failed);
m_ec = ec;
} else {
m_ec = lib::error_code();
}
callback(m_ec);
}
This change let the actual openSSL error to show in the console, otherwise it would show a generic "handshake failed" error.
I know I'm not doing what I should with the certificates, but I have no idea where else to look or what to do next. Can anyone here help please? Should I use the .pem files that come with the examples, or should I generate my own? in case I should generate my own, what would be the openSSL command to do that correctly and how do I tell my PC to recognize these as valid so that the server works?
Found the problem: WebSocket++ will not accept a self-signed certificate (the ones you can create directly in your own PC using OpenSSL or the Windows utilities). There is no way around it. You must have a valid, authority-validated and endorsed certificate. You can get such a certificate for free (valid only for 90 days) from https://zerossl.com/. The site has detailed instructions on how to request, obtain and install a certificate. After getting a valid certificate and installing it on my server, everything worked as it should.
I have set up a lambda and attached an API Gateway deployment to it. The tests in the gateway console all work fine. I created an AWS certificate for *.hazeapp.net. I created a custom domain in the API gateway and attached that certificate. In the Route 53 zone, I created the alias record and used the target that came up under API gateway (the only one available). I named the alias rest.hazeapp.net. My client gets the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Curl indicates that the TLS server handshake failed, which agrees with the SSL error. Curl indicates that the certificate CA checks out.
Am I doing something wrong?
I had this problem when my DNS entry pointed directly to the API gateway deployment rather than that backing the custom domain name.
To find the domain name to point to:
aws apigateway get-domain-name --domain-name "<YOUR DOMAIN>"
The response contains the domain name to use. In my case I had a Regional deployment so the result was:
{
"domainName": "<DOMAIN_NAME>",
"certificateUploadDate": 1553011117,
"regionalDomainName": "<API_GATEWAY_ID>.execute-api.eu-west-1.amazonaws.com",
"regionalHostedZoneId": "...",
"regionalCertificateArn": "arn:aws:acm:eu-west-1:<ACCOUNT>:certificate/<CERT_ID>",
"endpointConfiguration": {
"types": [
"REGIONAL"
]
}
}
I need some help. I'm integrating getstream.io into my laravel application (v5.1), I'm stuck with this error:
cURL error 60: SSL certificate problem: unable to get local issuer
certificate
This is my code:
use GetStream\Stream\Client;
public function index()
{
$client = new Client('rrzp7mz8htgn', '8cgs94jg2z5da2h4q2an8q6q5vktrp8y8w7rsft3zndf63c8y9n59g2h2qvtdhqq');
$ericFeed = $client->feed('user', 'eric');
$data = [
"actor"=>"eric",
"verb"=>"like",
"object"=>"3",
"tweet"=>"Hello world"
];
$ericFeed->addActivity($data);
}
I followed the instructions below from packalyst
Add the get-stream into your composer:
"require": {
"get-stream/stream-laravel": "~2.1"
},
then run composer update
I also added the provider and the aliases
'providers' => array(
'GetStream\StreamLaravel\StreamLaravelServiceProvider',
...
),
'aliases' => array(
'FeedManager' => 'GetStream\StreamLaravel\Facades\FeedManager',
...
),
I run:
php artisan vendor:publish --provider="GetStream\StreamLaravel\StreamLaravelServiceProvider"
I emailed already getstream.io, but no response yet. I'll be updated this post when I received some answers from them.
I also checked this post from laracast, but there's no answer.
https://laracasts.com/discuss/channels/general-discussion/activity-feeds-with-getstreamio?page=0
Getstream.io replied to my email and helped me, Here's the solution,
the SSL error message it’s usually related to using old certificate
key chains with CURL. This is unfortunately quite of a common issue
with CURL and SSL, I suggest you to try the solution suggested in this
thread:
Paypal Access - SSL certificate: unable to get local issuer certificate
and this is what i did:
Downloaded cacert.pem from the above link at curl.haxx.se/ca/cacert.pem and save it to c:/wamp/bin/php/php5.5.12/cert/
Click my wamp icon, navigate to PHP > php.ini
Added the following line and click save.
curl.cainfo=c:/wamp/bin/php/php5.5.12/cert/cacert.pem
Restart wamp and that's it. it worked
Hope this helps other developers using getstream.io. Credits to Tommaso of getstream.io.
On our SharePoint 2010 farm we renewed our SSL certificate, and after renewal we started to get following error in Event Log
Event ID 8311
An operation failed because the following certificate has validation errors:\n\nSubject Name:
CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US\nIssuer Name: CN=SharePoint Root Authority, OU=SharePoint, O=Microsoft, C=US\nThumbprint: \n\nErrors:\n\n
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
Website is generally working with correct renewed certificate. Even Claims Authentication between SharePoint and custom security app is also working. But some of the SharePoint services are giving serious issues like search is not working and giving following error:
The requested service, 'http://server:32843/f6a9024b8bbe48ebae7e9ffc8f5809dd/SearchService.svc' could not be activated. See the server's diagnostic trace logs for more information.
Stack trace:
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
When I run Get-SPSite command in powershell I get following error
Get-SPSite : ID4257: X.509 certificate 'CN=SharePoint Security Token Service, OU=SharePoint, O=Microsoft, C=US' validation failed by the token handler.
I am not able to deactivate/activate any features on the server, it throws certificate error.
I have already tried following:
1. Recreating the local trust relationship using following commands
$rootCert = (Get-SPCertificateAuthority).RootCertificate
New-SPTrustedRootAuthority -Name "localNew" -Certificate $rootCert
2. Adding "SharePoint Root Authority" certificate to certificate store on each server in the farm, in mmc SharePoint certificates "SharePoint Security Token Service" certificate is displayed under "SharePoint Root Authority" certificate.
I had a similar issue, our symptom was
<EventID>8311</EventID>
...
<Data Name="string3">NotTimeValid: Unknown error.</Data>
the root cause was that the site was surfacing SSRS (on the same host) and it was the SSRS (which has a different binding engine to IIS) certificate had expired, but was being logged by SharePoint.
I would make a secure server, I have follow this tutorial.
It work, but I would know how I can use .p12 certificate or .cer.
And when I 'bindSecure' my server, I request a certificate. But when I try to connect, after have choose a client certificate, I get an error (net::ERR_SSL_PROTOCOL_ERROR). I did something wrong ?
if (!args.contains('--setup'))
SecureSocket.initialize(database: config['SSLpath'], password: config['SSLpass']);
HttpServer.bindSecure(config['Host'], config['SSLport'], certificateName: config['SSLname'], requestClientCertificate: true).then((server) {
getRoute(server, _virDir);
}).catchError((e) => throw "An error occured: ${e}.");
I use keychain on Mac OS for generating certificate.